Posts: 795
Threads: 136
Joined: Feb 2009
Hello,
i's like to know if it is possible to have a secure macro or exe to launch repetitive password filling in some softwares.
example : macro which fills some popup window
run "c:\program files(x86)\whatever.exe" "my password here as argument" "some other stuff"
Then I encrypt the macro, and then make it an exe.
Will this work?
Is this process:
- allowed to have the macro/exe unable to be reverse engineered to find out the password?
- allowed to be triggered as exe by certain window class, name etc.
Thanks
Posts: 12,086
Threads: 142
Joined: Dec 2002
Quote:allowed to have the macro/exe unable to be reverse engineered to find out the password?
If password is in encrypted macro (exe or not), nobody can see it.
Quote:allowed to be triggered as exe by certain window class, name etc.
what is "triggered as exe"?
Posts: 1,769
Threads: 410
Joined: Feb 2003
yes but it will be possible to know what password is being sent/typed.
Posts: 12,086
Threads: 142
Joined: Dec 2002
yes, macro sends decrypted password to the target window.
More secure if it sets accessible object text, like AutoPassword does by default.
Posts: 795
Threads: 136
Joined: Feb 2009
yes, my sentence was poor.
I meant, will the encrypted macro/exe can be triggered by a window, but not show evidence of
what is the trigger in QM main window/exe code?
To secure the process, is there a way to secure the str variable passed to the window?
And what about if the macro simply launches the application from command line?
No copy/paste involved.
Is it safer?
It would then simply call the application with arguments, would it be able to catch the password in that way?
Posts: 795
Threads: 136
Joined: Feb 2009
OK, did think, did read the manual....
So what I did so far:
1. Put password in option security tab, for AutoPassword function
2. Made the macro as this one (Named Test encryption)
_s="ThePasswordIuseinPlainText"
int w=win("Window with text password to fill" "#32770")
Acc a.Find(w "TEXT" "Enter password here please:" "class=Edit[]id=1035[]state=0x20000000 0x20000040" 0x1005)
AutoPassword "" _s a.Hwnd
Fails with message:
Error (RT) in Test encryption: if active window belongs to qm, use hwnd.
Any help on 1) weakly inplemented or stupid way to do it 2) why error message 3) why i doesn't work?
Ty
Posts: 12,086
Threads: 142
Joined: Dec 2002
int w=win("Window with text password to fill" "#32770")
AutoPassword "" _s 0 w
Posts: 795
Threads: 136
Joined: Feb 2009
In fact, I did use that code to make it work
int w1=win("Window to fill with password" "#32770")
int w2=child(356 "" "" w1 0x8 132 16)
AutoPassword "" _s w2
Some more please:
1. Is there any flaw in this code then? The encrypted macro runs as exe without problem.
Where is the possibility to get the password in this code? It is in plain text in the macro code before encryption.
2. I can launch the exe from an already encrypted partition, starting by autorun when the exe hosting partition is securily mounted.
How can I make the exe waiting for the password input window to autofill it each time i need to?
I tried
_i=-1
repeat
___
___ifa
___code to feel the password
___.....
___if(_i>0) break
___continue
Pity code, i'm stuck there...i simply need an endless loop with a wait time of some seconds
waiting for the window to pop...if not present, continue loop, if present, fill password and wait again.
BTW, I'd like that because trigger window text if visible in QM, even if macro is encrypted. Should fix this Gintaras IMHO, trigger should disappear
with macro code when encrypted....
Posts: 12,086
Threads: 142
Joined: Dec 2002
AutoPassword "" _s w2
is incorrect. Skipped flags.
Quote:Where is the possibility to get the password in this code?
There are possibilities to steal password when your exe runs. They either must be programmers (eg create own dialog with same parameters...) or use a password spy software. It is impossible to make completely secure.
Quote:How can I make the exe waiting for the password input window to autofill it each time i need to?
example with notepad
Macro Macro1760
rep
,int w=wait(0 WC win("Untitled - Notepad" "Notepad"))
,act w
,key "password"
,wait 1
,key B(#10)
,clo w
Posts: 795
Threads: 136
Joined: Feb 2009
1. AutoPassword "" _s w2
Changed in AutoPassword "" _s 1 w2
2. Quote:There are possibilities to steal password when your exe runs. They either must be programmers (eg create own dialog with same parameters...) or use a password spy software. It is impossible to make completely secure.
So no possibility to *find* it in the code, only when *using* the exe?
3. No wait, continue, break in that one? I should have find then....
Posts: 12,086
Threads: 142
Joined: Dec 2002
In code password is encrypted. They can find it only if the macro was not encrypted when making exe.
Posts: 795
Threads: 136
Joined: Feb 2009
OK, almost done. Just some tuning.
In fact i now must take care of not having key loggers in my PC, right?
BTW, isn't it possible to encrypt the password, put in password text child in window, and decrypt from there? no typing, no clipboard
in plain text, should efficient way no?
Posts: 12,086
Threads: 142
Joined: Dec 2002
Difficult. Would need to create dll, inject it into that process, let it decrypt the password...
I don't know how smart are keyloggers. AutoPassword by default does not use keys and clipboard, therefore intercepting password is much more difficult.
Posts: 795
Threads: 136
Joined: Feb 2009
|